fix(aws): support private subnets when deploying into existing VPCs

When --vpc-id is set and the chosen AZ contains only private subnets,
mapt now falls back to using any available subnet instead of failing.
Machines in private subnets connect outbound only (e.g. GitLab runner
registration), so inbound SSH rules, EIP allocation, load balancer
creation and SSH readiness checks are all skipped automatically.

Key changes:
- existingVPCNetwork tries GetPublicSubnetIDInAZ first; on failure
  falls back to GetAnySubnetIDInAZ and marks IsPublic=false
- NetworkResult.IsPublic propagates to all host deploy functions;
  EIP and LB are only created when IsPublic is true
- ComputeRequest respects nil Eip: no AssociatePublicIpAddress, no
  EIP association, no LB target groups; GetHostDnsName falls back
  to the instance private IP when neither EIP nor LB is present
- Security groups omit all inbound rules for private subnet deploys
- GetSubnetAZsForVPC returns all AZs (public and private) since
  private-subnet AZs are now valid deployment targets
- GetAnySubnetIDInAZ added to data/network.go
- Spot AZ resolution hardened: describeAvailabilityZonesAllAsync
  falls back to the standard describe when AllAvailabilityZones:true
  is SCP-blocked; getPlacementScores restricts the placement score
  request to regions where AZ ID resolution actually succeeded

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>